authorChristian Schneider2019-09-10 16:12:10 +0200
committerChristian Schneider2019-09-10 16:12:10 +0200
commite91007ce1623a25818fc6545662caad683bf696b (patch)
tree59e7b675e79e77d31127fb753c2bf99ee27de017
parent7cacb3fbd49cdd5b960242e5c988e94d823eae67 (diff)
Revert "New it_session::setcookie() which uses SameSite=Lax"
This reverts commit 7cacb3fbd49cdd5b960242e5c988e94d823eae67.
-rw-r--r--it_session.class16
-rw-r--r--it_user.class2
2 files changed, 3 insertions, 15 deletions
diff --git a/it_session.class b/it_session.class
index 866e197..f1dc541 100644
--- a/it_session.class
+++ b/it_session.class
@@ -165,7 +165,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide
$result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
}
- self::setcookie([ 'name' => $this->cookiename, 'value' => $this->cookie, 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'domain' => $this->domain, 'secure' => $this->ssl ]);
+ @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
$_COOKIE[$this->cookiename] = $this->cookie;
return $result;
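Review bot: The restored `@setcookie(...)` call in set_valid() sends the session cookie without a SameSite attribute, and the same holds for the calls restored in create_login_identifier() and it_user::_set_uid(). Wherever the browser does not default to Lax, cross-site requests will carry the session cookie again, so state-changing requests depend on whatever CSRF token check exists elsewhere. The commit message gives no reason for the revert, so a comment at the call site would help, e.g. `/* no SameSite: reverted in e91007c because <reason> */`. Separately, the `@` hides a failed setcookie() (for instance when headers were already sent) while `$_COOKIE` is updated regardless; logging a `false` return would make that visible. set_valid() begins and ends outside the hunk.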
@@ -190,7 +190,7 @@ function create_login_identifier()
if (!$this->cookie)
{
$this->cookie = md5(uniqid(rand())); /* random garbage */
- self::setcookie([ 'name' => $this->cookiename, 'value' => $this->cookie, 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'domain' => $this->domain, 'secure' => $this->ssl ]);
+ @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
}
$login_identifier = $this->_mkcookie("", $this->cookie);
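Review bot: The session cookie value on the context line `$this->cookie = md5(uniqid(rand()));` is derived from the clock and a non-cryptographic generator, so it is more guessable than a session identifier should be. On PHP 7 or later I would replace it with `$this->cookie = bin2hex(random_bytes(16));`, which keeps the 32-hex-character shape that md5() produced. This line is not changed by the revert, and create_login_identifier() continues outside the hunk, so check whether other code depends on the value's format before changing it.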
@@ -240,18 +240,6 @@ function check_signature($text, $signature)
($this->_sign($text, $this->prev) == $signature));
}
-/*
- * Set cookie with options as safe as possible for session
- * @param $p['name'] Name of cookie
- * @param $p['value'] Value of cookie
- * @param $p Other options: expires, path, domain, secure, httponly and samesite
- */
-static function setcookie($p)
-{
- $p += [ 'path' => '/', 'httponly' => true, 'samesite' => 'Lax' ];
- return version_compare(PHP_VERSION, '7.3.0') >= 0 ? @setcookie($p['name'], $p['value'], $p) : @setcookie($p['name'], $p['value'], $p['expires'], $p['path'], $p['domain'], $p['secure'], $p['httponly']);
-}
-
} /* End class it_user */
?>
diff --git a/it_user.class b/it_user.class
index a972130..26046cf 100644
--- a/it_user.class
+++ b/it_user.class
@@ -205,7 +205,7 @@ function _set_uid($uid)
if (!isset($_COOKIE[$this->p['uidcookiename']]) || ($_COOKIE[$this->p['uidcookiename']] != $uid))
{
- it_session::setcookie([ 'name' => $this->p['uidcookiename'], 'value' => $uid, 'expires' => _IT_USER_UID_COOKIE_LIFETIME, 'domain' => $this->domain, 'secure' => false ]);
+ @setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, false, true);
$_COOKIE[$this->p['uidcookiename']] = $uid;
}
}
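Review bot: The uid cookie is set with the `secure` argument hard-coded to `false`, so it is sent over plain HTTP even where the session cookie is restricted through `$this->ssl`. If the uid value is used to recognise a user, I would pass the same flag the session code uses (assuming it is available in this class, which the hunk does not show), or add a comment saying why it must stay readable over HTTP, e.g. `/* uid cookie deliberately not Secure: <reason> */`. The `!=` two lines above compares the cookie string loosely with `$uid`; `!== (string)$uid` avoids type-juggling surprises. _set_uid() starts outside the hunk.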